Sending authextra-Argument to dynamic authenticator does not work as expected!

#1

I am having some problems with providing extra information to a dynamic authenticator. I have started with the dynamic “anonymous” authentication example form the crossbario repository and changed the following code to:

def onConnect(self):
   print('Client session connected.')
   self.join(self.config.realm, authmethods=[u'anonymous'], authid=u"justatest", authextra={u'msg': u'hello', u'details': u'world'})

In the dynamic authenticator the code is the following:

@inlineCallbacks
def onJoin(self, details):

   def authenticate(realm, authid, details):
      print("WAMP-Anonymous dynamic authenticator invoked: realm='{}', authid='{}'".format(realm, authid))
      pprint(details)
      principal = {
         u'role': u'public',
         u'extra': {
            u'eins': u'zwo',
            u'drei': [4, 5, 6]
         }
      }
      return principal

   try:
      yield self.register(authenticate, 'com.example.authenticate')
      print("WAMP-Anonymous dynamic authenticator registered!")
   except Exception as e:
      print("Failed to register dynamic authenticator: {0}".format(e)) 


Crossbar is being started within the directory of the sample-code so that it loads its configuration.


At the time the client calls "**self.join()**" the dynamic authenticator calls the "**authenticate()**" handler just as expected. **Realm** and even **authid** match the clients values but **authextra** is **None:**

2016-08-02T12:58:20+0200 [Router 11139] {‘authextra’: None,

2016-08-02T12:58:20+0200 [Router 11139] ‘authmethod’: None,

2016-08-02T12:58:20+0200 [Router 11139] ‘session’: 3106410583611871,

2016-08-02T12:58:20+0200 [Router 11139] ‘transport’: {‘cbtid’: None,

2016-08-02T12:58:20+0200 [Router 11139] ‘http_headers_received’: {‘cache-control’: ‘no-cache’,

2016-08-02T12:58:20+0200 [Router 11139] ‘connection’: ‘Upgrade’,

2016-08-02T12:58:20+0200 [Router 11139] ‘host’: ‘localhost:8080’,

2016-08-02T12:58:20+0200 [Router 11139] ‘pragma’: ‘no-cache’,

2016-08-02T12:58:20+0200 [Router 11139] ‘sec-websocket-extensions’: 'permessage-deflate; ’

2016-08-02T12:58:20+0200 [Router 11139] 'client_no_context_takeover; ’

2016-08-02T12:58:20+0200 [Router 11139] ‘client_max_window_bits’,

2016-08-02T12:58:20+0200 [Router 11139] ‘sec-websocket-key’: ‘CxV9haPhuPrv7e91HukqPw==’,

2016-08-02T12:58:20+0200 [Router 11139] ‘sec-websocket-protocol’: ‘wamp.2.cbor.batched,wamp.2.cbor,wamp.2.msgpack.batched,wamp.2.msgpack,wamp.2.ubjson.batched,wamp.2.ubjson,wamp.2.json.batched,wamp.2.json’,

2016-08-02T12:58:20+0200 [Router 11139] ‘sec-websocket-version’: ‘13’,

2016-08-02T12:58:20+0200 [Router 11139] ‘upgrade’: ‘WebSocket’,

2016-08-02T12:58:20+0200 [Router 11139] ‘user-agent’: ‘AutobahnPython/0.15.0’},

2016-08-02T12:58:20+0200 [Router 11139] ‘http_headers_sent’: {},

2016-08-02T12:58:20+0200 [Router 11139] ‘peer’: ‘tcp4:127.0.0.1:54268’,

2016-08-02T12:58:20+0200 [Router 11139] ‘protocol’: ‘wamp.2.cbor.batched’,

2016-08-02T12:58:20+0200 [Router 11139] ‘type’: ‘websocket’}}

Since the authextra argument will help me realizing my application, I really need to know how to set this or if there is any other way to transmit extra information to the dynamic authenticator? I can’t find detail on this in the docs.

Thanks,

Simon

0 Likes

#2

checkout this:

https://github.com/crossbario/crossbarexamples/tree/master/authentication/advanced

works for me:

(cpy351_5) oberstet@thinkpad-t430s:~/scm/crossbario/crossbarexamples/authentication/advanced$ crossbar start
2016-08-02T13:25:06+0200 [Controller 27858] New node key pair generated!
2016-08-02T13:25:06+0200 [Controller 27858] File permissions on node public key fixed!
2016-08-02T13:25:06+0200 [Controller 27858] File permissions on node private key fixed!
2016-08-02T13:25:06+0200 [Controller 27858] Node configuration loaded from 'config.json'
2016-08-02T13:25:06+0200 [Controller 27858] __ __ __ __ __ __ __ __
2016-08-02T13:25:06+0200 [Controller 27858] / `|__)/ \/__`/__`|__) /\ |__) |/ \
2016-08-02T13:25:06+0200 [Controller 27858] \__,| \\__/.__/.__/|__)/~~\| \. |\__/
2016-08-02T13:25:06+0200 [Controller 27858]

2016-08-02T13:25:06+0200 [Controller 27858] Crossbar.io Version: 0.15.0
2016-08-02T13:25:06+0200 [Controller 27858] Node Public Key: f028e45f7e6f8463a58e5edaf857e0976263b0ae0702740a3014b605a19eb80e
2016-08-02T13:25:06+0200 [Controller 27858]
2016-08-02T13:25:06+0200 [Controller 27858] Running from node directory '/home/oberstet/scm/crossbario/crossbarexamples/authentication/advanced/.crossbar'
2016-08-02T13:25:06+0200 [Controller 27858] Controller process starting (CPython-EPollReactor) ..
2016-08-02T13:25:06+0200 [Controller 27858] Node ID 'thinkpad-t430s' set from hostname
2016-08-02T13:25:06+0200 [Controller 27858] Using default node shutdown triggers ['shutdown_on_worker_exit']
2016-08-02T13:25:06+0200 [Controller 27858] Joined realm 'crossbar' on node management router
2016-08-02T13:25:06+0200 [Controller 27858] Starting Router with ID 'worker-001'...
2016-08-02T13:25:07+0200 [Router 27863] Worker process starting (CPython-EPollReactor) ..
2016-08-02T13:25:07+0200 [Controller 27858] Router with ID 'worker-001' and PID 27863 started
2016-08-02T13:25:07+0200 [Router 27863] Realm 'realm-auth' started
2016-08-02T13:25:07+0200 [Controller 27858] Router 'worker-001': realm 'realm-001' (named 'realm-auth') started
2016-08-02T13:25:07+0200 [Controller 27858] Router 'worker-001': role 'role-001' (named 'authenticator') started on realm 'realm-001'
2016-08-02T13:25:07+0200 [Router 27863] Realm 'realm-user1' started
2016-08-02T13:25:07+0200 [Controller 27858] Router 'worker-001': realm 'realm-002' (named 'realm-user1') started
2016-08-02T13:25:07+0200 [Controller 27858] Router 'worker-001': role 'role-002' (named 'user') started on realm 'realm-002'
2016-08-02T13:25:07+0200 [Router 27863] Realm 'realm-user2' started
2016-08-02T13:25:07+0200 [Controller 27858] Router 'worker-001': realm 'realm-003' (named 'realm-user2') started
2016-08-02T13:25:07+0200 [Controller 27858] Router 'worker-001': role 'role-003' (named 'user') started on realm 'realm-003'
2016-08-02T13:25:07+0200 [Router 27863] started component: authenticator.AuthenticatorSession id=7865711372128988
2016-08-02T13:25:07+0200 [Router 27863] WAMP-Ticket dynamic authenticator joined: SessionDetails(realm=<realm-auth>, session=7865711372128988, authid=<None>, authrole=<authenticator>, authmethod=None, authprovider=None, authextra=None)
2016-08-02T13:25:07+0200 [Router 27863] WAMP-Ticket dynamic authenticator registered!
2016-08-02T13:25:07+0200 [Controller 27858] Router 'worker-001': component 'component-001' started
2016-08-02T13:25:07+0200 [Router 27863] Site starting on 8080
2016-08-02T13:25:07+0200 [Controller 27858] Router 'worker-001': transport 'transport-001' started
2016-08-02T13:25:28+0200 [Router 27863] WAMP-Ticket dynamic authenticator invoked: realm='None', authid='user1', details=
2016-08-02T13:25:28+0200 [Router 27863] {'authextra': None,
2016-08-02T13:25:28+0200 [Router 27863] 'authmethod': None,
2016-08-02T13:25:28+0200 [Router 27863] 'session': 6681575933426307,
2016-08-02T13:25:28+0200 [Router 27863] 'ticket': '123secret',
2016-08-02T13:25:28+0200 [Router 27863] 'transport': {'cbtid': None,
2016-08-02T13:25:28+0200 [Router 27863] 'http_headers_received': {'cache-control': 'no-cache',
2016-08-02T13:25:28+0200 [Router 27863] 'connection': 'Upgrade',
2016-08-02T13:25:28+0200 [Router 27863] 'host': 'localhost:8080',
2016-08-02T13:25:28+0200 [Router 27863] 'pragma': 'no-cache',
2016-08-02T13:25:28+0200 [Router 27863] 'sec-websocket-extensions': 'permessage-deflate; '
2016-08-02T13:25:28+0200 [Router 27863] 'client_no_context_takeover; '
2016-08-02T13:25:28+0200 [Router 27863] 'client_max_window_bits',
2016-08-02T13:25:28+0200 [Router 27863] 'sec-websocket-key': 'n0q8bmPvxWCRvpcPQ00XRA==',
2016-08-02T13:25:28+0200 [Router 27863] 'sec-websocket-protocol': 'wamp.2.cbor.batched,wamp.2.cbor,wamp.2.msgpack.batched,wamp.2.msgpack,wamp.2.ubjson.batched,wamp.2.ubjson,wamp.2.json.batched,wamp.2.json',
2016-08-02T13:25:28+0200 [Router 27863] 'sec-websocket-version': '13',
2016-08-02T13:25:28+0200 [Router 27863] 'upgrade': 'WebSocket',
2016-08-02T13:25:28+0200 [Router 27863] 'user-agent': 'AutobahnPython/0.15.0'},
2016-08-02T13:25:28+0200 [Router 27863] 'http_headers_sent': {},
2016-08-02T13:25:28+0200 [Router 27863] 'peer': 'tcp4:127.0.0.1:4523',
2016-08-02T13:25:28+0200 [Router 27863] 'protocol': 'wamp.2.cbor.batched',
2016-08-02T13:25:28+0200 [Router 27863] 'type': 'websocket'}}
2016-08-02T13:25:28+0200 [Router 27863] WAMP-Ticket authentication success: {'extra': {'my-custom-welcome-data': [1, 2, 3]}, 'realm': 'realm-user1', 'role': 'user'}

(cpy351_5) oberstet@thinkpad-t430s:~/scm/crossbario/crossbarexamples/authentication/advanced$ python client.py
Connecting to ws://localhost:8080/ws: realm=None, authid=user1
2016-08-02T13:25:28+0200 ClientSession connected. Joining realm <not

under authid <user1>

2016-08-02T13:25:28+0200 ClientSession challenge received: Challenge(method=ticket, extra={})
2016-08-02T13:25:28+0200 ClientSession joined: SessionDetails(realm=<realm-user1>, session=6681575933426307, authid=<user1>, authrole=<user>, authmethod=ticket, authprovider=dynamic, authextra={'my-custom-welcome-data': [1, 2, 3]})
2016-08-02T13:25:28+0200 ClientSession left: CloseDetails(reason=<wamp.close.normal>, message='None')
2016-08-02T13:25:28+0200 ClientSession disconnected
2016-08-02T13:25:28+0200 Main loop terminated.

0 Likes

#3

Surely this works but that's not the problem I am having.

Returning authextra from the dynamic authenticator to clients works as expected.

The problem is that when you set the authextra argument on "self.join()" in the client, this information will not be forwarded into the dynamic authenticator!

I have tried multiple client examples (CRA, ticket, etc.) but none of them forwarded the authextra argument to the authenticator!

thanks,

Simon

0 Likes

#4

It should be forwarded .. here is WAMP-cryptosign using that

https://github.com/crossbario/crossbarexamples/blob/master/authentication/cryptosign/dynamic/client.py#L58

https://github.com/crossbario/crossbarexamples/blob/master/authentication/cryptosign/dynamic/authenticator.py#L96

PS: it might be that authextra isn't forwarded for other auth methods - if so, that would be a bug. And if so, best would be to create a minimal example and file an issue ..

···

Am 02.08.2016 um 13:38 schrieb Simon Kemper:

Surely this works but that's not the problem I am having.

Returning authextra from the dynamic authenticator to clients works as expected.

The problem is that when you set the authextra argument on "self.join()" in the client, this information will not be forwarded into the dynamic authenticator!

I have tried multiple client examples (CRA, ticket, etc.) but none of them forwarded the authextra argument to the authenticator!

thanks,

Simon

0 Likes

#5

Yepp, WAMP-cryptosign is forwarding the authextra argument, just as you expected! It really seems like there is a bug. I will prepare a bug-description with examples, just let me know where to file it (in which repository)!?

Thanks,

Simon

···

On Tuesday, August 2, 2016 at 2:33:22 PM UTC+2, Tobias Oberstein wrote:

Am 02.08.2016 um 13:38 schrieb Simon Kemper:

Surely this works but that’s not the problem I am having.

Returning authextra from the dynamic authenticator to clients works as expected.

The problem is that when you set the authextra argument on “self.join()” in the client, this information will not be forwarded into the dynamic authenticator!

I have tried multiple client examples (CRA, ticket, etc.) but none of them forwarded the authextra argument to the authenticator!

thanks,

Simon

It should be forwarded … here is WAMP-cryptosign using that

https://github.com/crossbario/crossbarexamples/blob/master/authentication/cryptosign/dynamic/client.py#L58

https://github.com/crossbario/crossbarexamples/blob/master/authentication/cryptosign/dynamic/authenticator.py#L96

PS: it might be that authextra isn’t forwarded for other auth methods -
if so, that would be a bug. And if so, best would be to create a minimal
example and file an issue …

0 Likes

#6

Yepp, WAMP-cryptosign is forwarding the authextra argument, just as you
expected! It really seems like there is a bug. I will prepare a
bug-description with examples, just let me know where to file it (in which
repository)!?

Hi Simon,

not sure where the bug is .. please file to crossbario/crossbar repo ..

Thanks,
Tobias

···

Am 02.08.2016 um 14:45 schrieb Simon Kemper:

Thanks,

Simon

On Tuesday, August 2, 2016 at 2:33:22 PM UTC+2, Tobias Oberstein wrote:

Am 02.08.2016 um 13:38 schrieb Simon Kemper:

Surely this works but that's not the problem I am having.

Returning authextra from the dynamic authenticator to clients works as

expected.

The problem is that when you set the authextra argument on "self.join()"

in the client, this information will not be forwarded into the dynamic
authenticator!

I have tried multiple client examples (CRA, ticket, etc.) but none of

them forwarded the authextra argument to the authenticator!

thanks,

Simon

It should be forwarded .. here is WAMP-cryptosign using that

https://github.com/crossbario/crossbarexamples/blob/master/authentication/cryptosign/dynamic/client.py#L58

https://github.com/crossbario/crossbarexamples/blob/master/authentication/cryptosign/dynamic/authenticator.py#L96

PS: it might be that authextra isn't forwarded for other auth methods -
if so, that would be a bug. And if so, best would be to create a minimal
example and file an issue ..

0 Likes

#7

I have just taken a look at the crossbar router source and in https://github.com/crossbario/crossbar/tree/master/crossbar/router/auth you can easily see that in the cryptosign.py the overridden function: “def hello(self, realm, details):” forwards the “authextra” to the callback handler.

In all the other subclasses the authextra isn’t being forwarded since never being touched.

With adding the following to the dynamic part of the function this bug would be fixed (not tested yet):

self._session_details[u’authextra’] = details.authextra

This is missing in all the others…

0 Likes

#8

Hi Simon,

Yeah, looks like bug;) Please file an issue on crossbario/crossbar ..

Thanks!
Tobias

···

Am 02.08.2016 um 15:09 schrieb Simon Kemper:

I have just taken a look at the crossbar router source and in
https://github.com/crossbario/crossbar/tree/master/crossbar/router/auth you
can easily see that in the cryptosign.py the overridden function: "def hello
(self, realm, details):" forwards the "authextra" to the callback handler.

In all the other subclasses the authextra isn't being forwarded since never
being touched.

With adding the following to the dynamic part of the function this bug
would be fixed (not tested yet):

self._session_details[u'authextra'] = details.authextra

This is missing in all the others...

0 Likes

#9

Hi Tobias,

as you might have already seen I have filed an issue on crossbario/crossbar.

Best,

Simon

0 Likes

#10

This is fixed now on master branch: authextra is forwarded for all auth methods.

···

Am Mittwoch, 3. August 2016 10:08:13 UTC+2 schrieb Simon Kemper:

Hi Tobias,

as you might have already seen I have filed an issue on crossbario/crossbar.

Best,

Simon

0 Likes